Ok, I've got one; apparently from a gmail user to my gmail account, then forwarded from my gmail account to an external account. The html links go to a blogspot.com site, then redirect to some Pharmacy Express site.
Raw Message: http://bubba.org/spam/spam_lowscore.txt Message renders like this: http://bubba.org/spam/spam_lowscore.jpg X-Spam-Status: No, score=-0.5 required=4.5 tests=BAYES_50,HTML_MESSAGE, SPF_PASS autolearn=no version=3.1.8 X-Spam-Report: * -0.5 SPF_PASS SPF: sender matches SPF record * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% * [score: 0.4641] Any ideas for detecting these? -B
